PerlMonks  

Re: Re: Use placeholders. For SECURITY!

by nevyn (Monk)
on Nov 14, 2003 at 11:24 UTC


in reply to Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!

But then again, I'd rather employ someone who knows how to do right and uses placeholders than someone who uses placeholders because they saw an article on a website that told them they should "for security." The former's understanding would be far more valuable than the latter's best practices.

This seems like a simplification gone too far. Personally, for either Postgres or Oracle I wouldn't know the entire set that needs to be escaped (or at least I wouldn't trust myself to get it perfect, which it would need to be). I wouldn't even trust myself to do it perfectly for the Bourne shell etc., which I use more often, without looking it up. I know the reasons behind why you would do it, though, and I could write a non-perfect escaping mechanism (read: less than useless). However, I doubt there are many people who are cargo-culting the use of placeholders ... it's just not that hard a concept. It's probably much more likely that those people are just passing data straight from the web form to the DB.

Also, personally, if someone said they could escape the SQL properly without using placeholders ... I'd have visions of the thousands of C programmers who said they could write buffer-overflow-free code without using an API that made it impossible not to ... so I might well not prefer them based on that.

--
James Antill
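The contrast the post draws, as an added example that is not part of the original thread or of DBI: a lookup built by string interpolation beside the same lookup using a `?` placeholder (the idiom DBI uses as well; the example is in Python with its bundled sqlite3 driver so it runs without a server). The table and rows are constructed for the example. A name containing an apostrophe is enough to break the interpolated query, while the placeholder version sends the value separately from the SQL text and needs no escaping at all.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table (example data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_interpolated(conn, name):
    """The fragile way: the caller is responsible for escaping every special
    character in this particular database's dialect. Nothing is escaped here,
    so an apostrophe in the input is read as SQL syntax."""
    sql = "SELECT role FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_placeholder(conn, name):
    """The robust way: the driver transmits the value as data, not as part of
    the statement text, so quoting rules never enter the picture."""
    return [row[0] for row in conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,))]


def compare(conn, name):
    """Return (interpolated_result, placeholder_result). If the interpolated
    query fails, its slot holds the exception class name instead of rows."""
    try:
        interpolated = lookup_interpolated(conn, name)
    except sqlite3.Error as exc:
        interpolated = type(exc).__name__
    return interpolated, lookup_placeholder(conn, name)


if __name__ == "__main__":
    db = make_db()
    for n in ["alice", "O'Brien"]:
        print(n, "->", compare(db, n))
```

For `alice` both paths agree; for `O'Brien` the interpolated query raises `sqlite3.OperationalError` (the apostrophe terminates the literal early) while the placeholder query returns the stored row. That is the whole argument of the post in miniature: the placeholder path has no escaping table to get wrong, for this database or any other.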
